git.baikalelectronics.ru Git - kernel.git/commit

author	Mikulas Patocka <mpatocka@redhat.com>
	Thu, 21 Jan 2021 15:09:32 +0000 (10:09 -0500)
committer	Mike Snitzer <snitzer@redhat.com>
	Wed, 3 Feb 2021 15:10:05 +0000 (10:10 -0500)
commit	a30587cc5b6f33ce47a407847264fdff583fd5bf
tree	6a66e25ef563aa53db9f148d08f2f531ddf36778	tree \| snapshot
parent	4b5c5e3e822fc283ece73acca71bdb5976f1c9cf	commit \| diff

dm integrity: introduce the "fix_hmac" argument

The "fix_hmac" argument improves security of internal_hash and
journal_mac:
- the section number is mixed to the mac, so that an attacker can't
  copy sectors from one journal section to another journal section
- the superblock is protected by journal_mac
- a 16-byte salt stored in the superblock is mixed to the mac, so
  that the attacker can't detect that two disks have the same hmac
  key and also to disallow the attacker to move sectors from one
  disk to another

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reported-by: Daniel Glockner <dg@emlix.com>
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> # ReST fix
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>

Documentation/admin-guide/device-mapper/dm-integrity.rst		diff \| blob \| history
drivers/md/dm-integrity.c		diff \| blob \| history